package jdbc03;

import org.junit.Test;

import java.sql.*;
import java.util.Scanner;

/*
* 利用预编译解决sql注入问题
* */
public class JDBCDemo01 {

    public static void main(String[] args) throws Exception {
        Scanner scann = new Scanner(System.in);
        System.out.print("请输入用户名:");
        String username = scann.next();
        System.out.print("请输入密码:");
        String password = scann.next();
        Class.forName("com.mysql.jdbc.Driver");
        Connection conn = DriverManager.getConnection("jdbc:mysql://127.0.0.1:3306/test?useSSL=false&characterEncoding=UTF-8", "root", "123456");
        PreparedStatement ps = conn.prepareStatement("select * from test.user where uname=?and password=? ");
        ps.setString(1,username);
        ps.setString(2,password);
        // 利用PreparedStatement接口中的executeUpdate()
        ResultSet resultSet = ps.executeQuery();
        while (resultSet.next()) {
            System.out.println(resultSet.getString("uname")+" "+resultSet.getString("password"));
        }
    ps.close();
        conn.close();
        resultSet.close();
    }
}
